Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Is there a line of defense against Distributed Reflective attacks?

  • From: Sean Donelan
  • Date: Fri Jan 17 03:50:01 2003

> > What kinds of mechanisms exist for keeping track of the origins of
> > something of this nature?
>
> Normally that's not very productive as they are mostly owned boxes that
> will be rebuilt and reowned in days :(

We could automate the tracing process, like *57 customer initiated trace
on the telephone network ($5 per use).  But then what?

You can track the sources as quickly as you can, but part of the question
becomes how long and how many sources do you keep blocked once you have
tracked them.  Is it one strike and you're out forever.  If 80% of the
attacks are not spoofed, why not create yet another RBL and keep adding
more and more addresses?  If you remove the filter after the attack stops,
it will just come back or they'll choose a different victim.

Do we need te equivalent of a dog bite law for computers.  If your
computer attacks another computer, the owner is responsible.  File a
police report, and the ISP will give the results of the *57 trace to
the local police.  The police can then put down the rabid computer,
permanently.





Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.